<?php 
/*
Copyright 2007 Dan Boitnott (dan@lclinux.org)

This file is part of phpTasks.

phpTasks is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

phpTasks is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with phpTasks; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/ 

require("common.php");

if (!$USER["modifyusers"]) {
	echo ("You are not authorized to access this page.");
	exit;
}

if (!isset($HTTP_VARS["action"]))
	$action = "list";
else
	$action = $HTTP_VARS["action"];

if ($action == "Cancel") {
	redirect("index.php");
	exit;
}

if ($action == "password") {
	if ($HTTP_VARS["subaction"] == "Ok") {
		if ($HTTP_VARS["pass1"] == $HTTP_VARS["pass2"]) {
			$sql = "UPDATE ausers SET pwhash=md5('" . $HTTP_VARS["pass1"] . "') WHERE userid=" . $HTTP_VARS["userid"];
			pg_exec($sql);
			redirect("userman.php");
			exit;
   		} else {
			$setpass = array("userid" => $HTTP_VARS["userid"], "name" => $HTTP_VARS["name"], "error" => "Passwords Don't Match");
		}
	} else {
		redirect("userman.php");
		exit;
	}
}

if (is_array($HTTP_VARS)) {
	foreach ($HTTP_VARS as $k => $v) {
		if (substr($k, 0, 4) == "umv_") {
			$userid = substr($k, 4, strpos($k, "_", 4) - 4);
			$field = substr($k, strpos($k, "_", 4) + 1);
			if (!is_array($updates[$userid])) {
				$updates[$userid] = array (	"delete"		=> "false"	,
								"name"			=> "Noname"	,
								"may_logon"		=> "false"	,
								"loginid"		=> ""		,
								"email"			=> ""		,
								"may_modifytasks"	=> "false"	,
								"may_modifyusers"	=> "false"	,
								"may_viewalltasks"	=> "false"	);
			}
			$updates[$userid][$field] = $v;
		}
		if (substr($k, 0, 13) == "set_password_" && $v == "Set Password") {
			$userid = substr($k, 13);
			$setpass = array("userid" => $userid, "name" => $updates[$userid]["name"]);
		}
	}
}

if (is_array($updates)) {
	foreach ($updates as $k => $v) {
		if ($k > 0) {
			if ($v["delete"] == "true") {
				$sql = "UPDATE ausers SET deleted=now() WHERE userid=" . $k;
			} else {
				$sql = 	"UPDATE ausers SET " .
					"name='" . $v["name"] . "', " .
					"may_logon=" . $v["may_logon"] . ", " .
					"loginid='" . $v["loginid"] . "', " .
					"email='" . $v["email"] . "', " .
					"may_modifytasks=" . $v["may_modifytasks"] . ", " .
					"may_modifyusers=" . $v["may_modifyusers"] . ", " .
					"may_viewalltasks=" . $v["may_viewalltasks"].
					" WHERE userid=" . $k;
			}
   		}
		//echo ($sql . "<br>");
		pg_exec($sql);
	}
}

if ($action == "Ok") {
	redirect("index.php");
	exit;
}

if ($action == "New User" && $updates[0]["name"]) {
	$v = $updates[0];
	$userid = reserve_sequence($conn, "ausers_userid_seq");
	$sql = 	"INSERT INTO ausers (userid, name, may_logon, loginid, email, may_modifytasks, may_modifyusers, may_viewalltasks) VALUES (" .
		$userid . ", " .
		"'" . $v["name"] . "', " .
		$v["may_logon"] . ", " .
		"'" . $v["loginid"] . "', " .
		"'" . $v["email"] . "', " .
		$v["may_modifytasks"] . ", " .
		$v["may_modifyusers"] . ", " .
		$v["may_viewalltasks"] . ")";
  	pg_exec($sql);
	$setpass = array("userid" => $userid, "name" => $updates[$userid]["name"]);
}

if (is_array($setpass)) {
	std_header("Set Password");
?>
	<h1>Set Password For <?=$setpass["name"]?></h1>
<?php
	if (isset($setpass["error"])) {
		echo ("<h3>" . $setpass["error"] . "</h3>");
  	}
?>
	<form action='userman.php' method=post>
		<input type=hidden name='userid' value='<?=$setpass["userid"]?>'>
		<input type=hidden name='name' value='<?=$setpass["name"]?>'>
		<input type=hidden name='action' value='password'>
		<table border=0>
			<tr>
				<td class="form_label">Password:</td>
				<td class="form_field"><input type=password name='pass1'></td>
    			</tr><tr>
				<td class="form_label">Confirm Password:</td>
				<td class="form_field"><input type=password name='pass2'></td>
    			</tr><tr>
				<td></td>
				<td class="form_field">
					<input type=submit name='subaction' value='Ok'>
					<input type=submit name='subaction' value='Cancel'>
     				</td>
         		</tr>
       		</table>
	</form>
<?php
	std_footer();
	exit;
}

std_header("User List");
?>
<h1>Users</h1>
<form method=post action=userman.php>
<table align=center border=0>
	<tr class=std_table_header bgcolor=gray valign=bottom>
		<td align=center>Delete</td>
		<td align=left>Name</td>
		<td align=center>Enabled</td>
		<td align=center>PW</td>
		<td align=left>Apache Name</td>
		<td algin=left>E-Mail</td>
		<td align=center>Modify Tasks</td>
		<td align=center>Modify Users</td>
		<td align=center>Access All Tasks</td>
	</tr>
<?php
	$sql = "SELECT * FROM users ORDER BY name";
	$res = pg_exec($sql);
	$rc = pg_numrows($res);
	for ($rnum = 0; $rnum < $rc; $rnum++) {
		$r = get_row($res, $rnum);
?>
		<tr bgcolor=silver>
			<td align=center><input type=checkbox name='umv_<?=$r["userid"]?>_delete' value='true'></td>
			<td align=left bgcolor=silver><input type=text width=10 name='umv_<?=$r["userid"]?>_name' value='<?=$r["name"]?>'></td>
			<td align=center><input type=checkbox name='umv_<?=$r["userid"]?>_may_logon' <?=($r["may_logon"]) ? "checked" : ""?> value='true'></td>
			<td align=center><input type=submit name='set_password_<?=$r["userid"]?>' value='Set Password'></td>
			<td align=left><input type=text width=10 name='umv_<?=$r["userid"]?>_loginid' value='<?=$r["loginid"]?>'></td>
			<td align=left><input type=text width=10 name='umv_<?=$r["userid"]?>_email' value='<?=$r["email"]?>'></td>
			<td align=center><input type=checkbox name='umv_<?=$r["userid"]?>_may_modifytasks' value='true' <?=($r["may_modifytasks"]) ? "checked" : ""?>></td>
			<td align=center><input type=checkbox name='umv_<?=$r["userid"]?>_may_modifyusers' value='true' <?=($r["may_modifyusers"]) ? "checked" : ""?>></td>
			<td align=center><input type=checkbox name='umv_<?=$r["userid"]?>_may_viewalltasks' value='true' <?=($r["may_viewalltasks"]) ? "checked" : ""?>></td>
		</tr>
<?php
	}
?>
	<tr bgcolor='#aaaaff'>
		<td align=right><input type=submit name='action' value='New User'></td>
		<td align=left bgcolor=silver><input type=text width=10 name='umv_0_name' value=''></td>
		<td align=center><input type=checkbox name='umv_0_may_logon' value='true'></td>
		<td align=center></td>
		<td align=left><input type=text width=10 name='umv_0_loginid' value=''></td>
		<td align=left><input type=text width=10 name='umv_0_email' value=''></td>
		<td align=center><input type=checkbox name='umv_0_may_modifytasks' value='true'></td>
		<td align=center><input type=checkbox name='umv_0_may_modifyusers' value='true'></td>
		<td align=center><input type=checkbox name='umv_0_may_viewalltasks' value='true'></td>
	</tr>
</table>
<center>
<input type=submit name='action' value='Ok'>
<input type=submit name='action' value='Update'>
<input type=submit name='action' value='Cancel'>
</center>
</form>
<?php
		std_footer();
?>
